What is SAML?
An XML-based standard for exchanging authentication data between an identity provider and a service provider, commonly used in enterprise single sign-on.
SAML (Security Assertion Markup Language) allows you to log in once with an identity provider and access multiple services without re-authenticating.
How It Works
- User tries to access a service (Service Provider)
- Service redirects to Identity Provider (IdP)
- User authenticates with the IdP
- IdP returns a signed SAML assertion to the service, relayed through the user's browser (typically an HTTP POST to the service's Assertion Consumer Service URL)
- Service verifies the signature against the IdP's known certificate, checks that the assertion is addressed to it and still within its validity window, then grants access
Privacy Considerations
- The Identity Provider sees every service you sign in to, because it issues an assertion for each one
- SAML assertions can carry extensive user attributes (name, email, group memberships, employee ID)
- Releasing only the attributes a service actually needs, and using a pseudonymous NameID rather than an email address where possible, limits what each service learns about you
SAML vs OAuth/OIDC
- SAML is XML-based and older (SAML 2.0 was finalised in 2005)
- OAuth 2.0 (2012) is a JSON/HTTP-based authorization framework; OpenID Connect (2014) adds authentication on top of it using signed JSON Web Tokens
- SAML is still dominant in enterprise environments
- OAuth/OIDC is preferred for consumer, mobile and API-driven applications
Related Terms
OAuth
An open standard for authorization that allows users to grant third-party applications limited access to their accounts without sharing passwords. OAuth powers API access delegation and, with OpenID Connect layered on top, the 'Login with Google/Facebook' buttons.
Single Sign-On
An authentication method allowing users to access multiple applications with one set of credentials. While convenient for users and administrators, SSO creates a single point of failure—compromise one account, compromise them all.